WE CLAIM: 

1 . A network device for managing a software change over a network, 
comprising: 

a transceiver arranged to send and to receive a packet over the network; 
a processor, coupled to the transceiver, that is configured to perform 
actions, including: 

determining an update policy associated with the network device; 
determining an availability of the software change based in part 

on the update policy; 

selecting the software change based in part on the update policy; 
receiving the software change through a distribution service 
according to the update policy; and 

installing the software change on the network device according to 

the update policy. 

2. The network device of Claim 1, wherein the network device is at least 
one of a network appliance, server appliance, internet appliance, intranet appliance, web 
server, cache server, file server, router, gateway, switch, bridge, firewall, and a proxy. 

3. The network device of Claim 1, wherein the update policy further 
comprises at least one of a selection criterion, a delivery criterion, and an installation 
criterion. 

4. The network device of Claim 1, wherein the distribution service is 
further configured to enable access to the software change from at least one of a 
repository, a third-party service, a test server, and a development server. 

5. The network device of Claim 1, wherein the distribution service further 
comprises at least one of a reverse proxy server, and a peer-to-peer device. 
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6. The network device of Claim 1, wherein selecting the software change 
further comprises determining the selection based in part on at least one of a hardware 
configuration of the network device, a priority associated with the software change, a 
software configuration of the network device, a type associated with the software 
change, a control list, an impact associated with the software change, and a schedule. 

7. The network device of Claim 1, wherein the software change is 
independent of a software version number. 

8. The network device of Claim 1, wherein installing the software change 
further comprises: 

validating the integrity of the software change in part through a 
cryptographic mechanism. 

9. The network device of Claim 1, the software change further comprises a 
third-party change, wherein the third-party change is included in the software change at 
least in part by a third-party. 

10. The network device of Claim 1, wherein installing the software change 
further comprises generating a log that enables rollback of the installed software 
change. 

1 1 . The network device of Claim 1, wherein the software change further 
comprises a change package that includes at least one of a binary file, a configuration 
file, a change descriptor, a package descriptor, test procedure, and a deployment 
descriptor. 

12. The network device of Claim 1, wherein the software change is digitally 
signed by at least one of a developer, releaser, tester, third-party, and a manager 
associated with the software change. 
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13. The network device of Claim 1 , wherein determining the availability of 
the software change further comprises subscribing to the distribution service. 

14. A method for managing a software change to a network device over a 
network, comprising: 

determining an update policy associated with software for the 

network device; 

determining, over the network, an availability of the software 
change based in part on the update policy; 

selecting the software change based in part on the update policy; 

receiving the selected software change over a distribution service 
according to the update policy; and 

installing the received software change on the network device 
according to the update policy. 

15. The method of Claim 14, wherein determining the update policy further 
comprises determining at least one of a selection criterion, a delivery criterion, and an 
installation criterion for the software change. 

16. The method of Claim 14, wherein determining an availability of the 
software change further comprises: 

subscribing to the distribution service; and 

monitoring the distribution service for the software change. 

17. The method of Claim 14, wherein selecting the software change further 
comprises determining the selection based in part on at least one of a hardware 
configuration of the network device, a priority associated with the software change, a 
software configuration of the network device, a type associated with the software 
change, a control list, an impact associated with the software change, and a schedule. 
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1 8. The method of Claim 14, wherein the software change further comprises 
a change package that includes at least one of a binary file, a configuration file, a 
change descriptor, a package descriptor, test procedure, and a deployment descriptor. 

19. The method of Claim 14, wherein installing the received software 
change further comprises determining at least one of a priority, an impact, an integrity, 
and a time associated with the installation of the software change. 

20. The method of Claim 14, wherein the distribution service further 
comprises at least one of a reverse proxy server and a peer-to-peer distribution service. 

21. A system for communicating a change package over a network, 
comprising: 

a repository configured to store the change package; 

a distribution service, coupled to the repository, that is configured to 
distribute the change package over the network; and 

a client, coupled to the distribution service, that is configured to perform 
actions, including: 

determining an update policy associated with the client; 
determining an availability of the change package based in part 

on the update policy; 

selecting the change package based in part on the update policy; 
receiving the selected change package through the distribution 
service according to the update policy; and 

installing the received change package on the client according to 

the update policy. 

22. The system of Claim 21, wherein the distribution service further 
comprises at least one of a reverse proxy server, and a peer-to-peer network. 
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23. The system of Claim 21, wherein the repository further comprises at 
least one of trust information, subscription information, and an observer mechanism. 

24. The system of Claim 21, further comprising a license manager coupled 
to the distribution service, and enabled to provide at least one of a public key certificate, 
a software license, a control list, and a revocation list. 

25. The system of Claim 21, wherein the change package further comprises 
at least one of a software change, a change descriptor, a package descriptor, and a 
deployment descriptor. 

26. The system of Claim 21, wherein the client further comprises at least one 
of a network appliance, a server appliance, internet appliance, intranet appliance, cache 
server, web server, file server, router, gateway, bridge, firewall, and a proxy. 

27. The system of Claim 21 , wherein the distribution service further 
comprises at least one of a reverse proxy server, and a peer-to-peer device. 

28. An apparatus for managing a software change over a network, 
comprising: 

a transceiver arranged to send and to receive a packet over the network; 
a processor, coupled to the transceiver, that is configured to perform 
actions, including: 

a means for determining an update policy associated with the 

apparatus; 

a means for employing the update policy to perform further 

actions, including: 

a means for determining an availability of the software 

change; 

a means for selecting the software change; 
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distribution service; and 



apparatus. 



a means for receiving the software change through a 
a means for installing the software change on the 
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